
Security & Privacy Architecture

Last updated: March 2026

mentalhealthGPT is designed for clinical environments where confidentiality, professional secrecy, and data protection are essential. The system architecture prioritises privacy, security, and user data ownership.

Zero-Knowledge Encryption

Clinical content — including chats, documents, and session transcriptions — is encrypted client-side before transmission. The architecture is designed so that aidX cannot access clinical content even if we wanted to.

  • Encryption occurs directly in the user's browser
  • Our servers store only encrypted ciphertext
  • We cannot access the plaintext content of sessions
  • Encryption keys are derived locally and never transmitted in plaintext

Infrastructure Location

Primary infrastructure and stored application data are located on servers in Switzerland.

Hosting provider: Infomaniak Network SA, Geneva, Switzerland
  • Swiss jurisdiction (nDSG)
  • GDPR-compatible data protection
  • No use of US hyperscale cloud providers (AWS, Azure, GCP)
  • Physical infrastructure located in Swiss data centres

AI Processing

AI models run on infrastructure operated by aidX or under our direct control. This ensures maximum control over clinical data processing.

  • No clinical content is sent to OpenAI, Anthropic, or other external AI providers
  • Speech-to-text processing runs locally in the user's browser
  • NER (named-entity recognition) pseudonymisation occurs locally before AI processing
  • Clinical data never leaves the controlled system environment

Encryption Key Architecture

mentalhealthGPT uses a multi-layer encryption model.

Device Key (SK) — Stored locally in the user's browser or device.
Master Key (MK) — Used to encrypt document keys. Decrypted only temporarily in device memory.
Document Encryption Keys (DEK) — Generated per document/session and encrypted with the master key.
  • Keys never exist unencrypted on servers
  • Plaintext keys are never transmitted over the network
  • Multi-device access uses a secure pairing flow

Authentication & Access Control

  • Authenticated API access for all endpoints
  • Server-side subscription validation
  • Short-lived rotating session tokens
  • Secure session management
  • Role-based access for institutional deployments

No shared credentials or global access tokens are used.

Audit Logging

For institutional deployments, mentalhealthGPT provides compliance-grade audit logs, an exportable audit history, and tamper-evident log storage. Audit records cover:
  • Authentication events
  • Administrative actions
  • Access attempts
  • Device identifiers and timestamps

Logs are retained in accordance with legal requirements.

Data Ownership

Users and their organisations retain full ownership of their data. Encrypted content remains under the control of the user.

  • aidX does not access clinical content
  • aidX does not analyse session content
  • User data is not used for model training

Cookies & Tracking

mentalhealthGPT uses only technically necessary session cookies.

  • No advertising trackers
  • No marketing analytics
  • No behavioural profiling tools

Healthcare-Focused Design

mentalhealthGPT is designed in alignment with the requirements of clinical environments.

  • Swiss Federal Act on Data Protection (nDSG)
  • EU General Data Protection Regulation (GDPR)
  • Professional secrecy obligations (Swiss Penal Code Art. 321)
  • ISO 27001-aligned security practices

mentalhealthGPT is not a medical device under EU MDR. It is a clinical decision-support tool. All clinical decisions remain the responsibility of licensed professionals.

Responsible Disclosure

Security researchers who discover potential vulnerabilities are encouraged to report them responsibly. We review all reports promptly and appreciate responsible disclosure.

Please contact: security@aidx.ch

Security Contact

For security or data protection questions: security@aidx.ch

aidX AG
Bachtelstrasse 57
8330 Pfäffikon ZH
Switzerland